Construction Industry: We Don’t Have to Worry About Cyber Attacks?
There was a time when that statement was common—and even accurate. But that statement is far from correct now. In this article, we will address only the two (2) most frequent ‘attacks’ on contractors’ businesses.
“Ransomware”—Securing and holding your information for ransom is rampant in all industries—including construction. This type of attack is especially costly as it has at least two (2) ‘hits’. One is the ransom demanded to release the key that will decrypt the contractor’s information. The other ‘hit’ is the loss of income due to a shutdown of your project—or your entire business, while you wait for access to information so that you can continue your project or business activities.
The attacker captures, then encrypts confidential information about employees, projects, vendors, bid information, blueprints, financial information, etc.—until a ransom is paid. Whether you pay the ransom, your project or business shuts down, your reputation is harmed and you may have to pay penalties on the project for being behind schedule. The costs continue to rise in this situation, no matter what happens after the ransomware attack.
“Social Engineering”, or computer deception, or trickery is the second most common attack on contractors. Contractors are excellent targets for this type of attack. With construction industry employees working mostly in the field – using laptops, smartphones, and tablets, and with there being so many ‘employees’ on a project that perhaps belong to subcontractors, and with a significant ‘turnover’ of employees in this area, it is easy to see that it is difficult to keep control of all information in these scenarios. This allows the attacker to obtain all the information needed to send false invoices to you on behalf of your legitimate vendors. You pay these invoices, but the money diverts to the ‘hacker’ instead.
So, what can a contractor do to protect their company from these and other cyber exposures? The first step is to get rid of complacency! Accept that you are vulnerable too.
A company’s biggest cybersecurity weakness is it’s people – your employees who inadvertently help the attacker, perhaps by opening a ‘bad’ e-mail allowing access to your system. So training would help this, but with high turnover, it’s a continuing weakness. Consider encrypting your information, change your passwords often, and check with your insurance agent about purchasing a cyber liability insurance policy that includes both coverages.
About the Author
Share This Story
Related Blogs
Enhancing School Security: Practical Strategies for Safer Campuses
Enhancing school security is one of the most pressing responsibilities for education leaders today. As school campuses evolve, so too must the systems that protect them. For administrators, safety professionals, and district decision-makers, creating a secure learning environment means taking a proactive, layered approach that includes physical security, training, technology, and community involvement.
5 Common Cybersecurity Mistakes and How to Avoid Them
All organizations, regardless of their size or industry, are at risk of being targeted by cybercriminals. These malicious actors can conduct cyberattacks, leading to significant financial, operational and reputational damage that can be difficult or impossible to recover from. Fortunately, solid cyber hygiene practices can reduce the likelihood of data breaches and other cyber incidents from occurring, and many of these practices are relatively low-cost and easy to implement.
Insurance Coverage Basics For Boatowners
A small boat, such as a canoe or other un-motorized boat, is typically covered under the personal property portion of your homeowners insurance policy. If you own a larger, faster boat, you'll need a separate boatowners insurance policy. A typical boatowners insurance policy is designed to protect your boat, motor, equipment, and passengers. It affords similar coverages to those you typically have for your car including: